Updated on 2024-08-29 GMT+08:00

Controlling Access with ACL

After ACL is enabled for an instance, user authentication information must be added to both the producer and consumer configurations.

Preparing the Environment

You can connect open-source Java clients to DMS for RocketMQ. The recommended Java client version is 4.9.8.

Use either of the following methods to import a dependency:
  • Using Maven
    <dependency>
        <groupId>org.apache.rocketmq</groupId>
        <artifactId>rocketmq-client</artifactId>
        <version>4.9.8</version>
    </dependency>
    
    <dependency>
        <groupId>org.apache.rocketmq</groupId>
        <artifactId>rocketmq-acl</artifactId>
        <version>4.9.8</version>
    </dependency>
  • Downloading the dependency.

Adding User Authentication Information to the Producer

  1. Create configuration file config.yaml on the producer client and add the following authentication information to the file. If the configuration file already exists, directly add the authentication information to it.

    ACL_ACCESS_KEY: "******"
    ACL_SECRET_KEY: "******"

    ACL_ACCESS_KEY indicates the username, and ACL_SECRET_KEY indicates the user secret key. For details about how to create a user, see . Encrypt the username and key for security.

  2. Add the rpcHook parameter during producer initialization.

    • For normal, ordered, and scheduled messages, add the following code:
      RPCHook rpcHook = new AclClientRPCHook(new SessionCredentials(ACL_ACCESS_KEY, ACL_SECRET_KEY));
      DefaultMQProducer producer = new DefaultMQProducer("ProducerGroupName", rpcHook);
    • For transactional messages, add the following code:
      RPCHook rpcHook = new AclClientRPCHook(new SessionCredentials(ACL_ACCESS_KEY, ACL_SECRET_KEY));
      TransactionMQProducer producer = new TransactionMQProducer("ProducerGroupName", rpcHook);

Adding User Authentication Information to the Consumer

  1. Create configuration file config.yaml on the consumer client and add the following authentication information to the file. If the configuration file already exists, directly add the authentication information to it.

    ACL_ACCESS_KEY: "******"
    ACL_SECRET_KEY: "******"

    ACL_ACCESS_KEY indicates the username, and ACL_SECRET_KEY indicates the user secret key. For details about how to create a user, see . Encrypt the username and key for security.

  2. Add the rpcHook parameter during consumer initialization. Add the following code for normal, ordered, scheduled, and transactional messages:

    RPCHook rpcHook = new AclClientRPCHook(new SessionCredentials(ACL_ACCESS_KEY, ACL_SECRET_KEY));
    DefaultMQPushConsumer consumer = new DefaultMQPushConsumer(null, "ConsumerGroupName", rpcHook);